Cyber Security Information Officer

Salary : $98,592.00 Annually
Location : Leonardtown, MD
Job Type: Full-Time
Job Number:
Department: Information Technology
Opening Date: 03/12/2025
Closing Date: Continuous

Job Summary

The Information Security Officer (ISO) is responsible for assisting with the day-to-day operations of securing the county's various information systems. Reporting to the Deputy Director of Information Technology, the ISO is tasked with providing technical expertise in all areas of network, system, and application security for the entire county network including supported sub-agencies. The ISO works closely with the various teams in the Information Technology department, county departments, and allied agencies (Metcom, St. Mary's County Health Department, St. Mary's County Libraries, St. Mary's County Public Schools, etc.) that utilized county infrastructure to ensure that systems and networks are always designed, developed, deployed, and managed with an emphasis on strong, effective security and risk management controls. The ISO leads the county-wide Cyber Security Planning Committee with county, state, and federal Cybersecurity compliance for all county and county allied agencies. Assesses the vulnerability management program, reviews annual cybersecurity assessments and penetration tests, and research and reports on emerging threats, to take pre-emptive risk mitigation steps for multiple county agencies. The ISO effectively correlates and analyzes security events within the county's unique network environment to proactively detect threats and mitigate attacks before they occur by establishing policies and procedures which defend against remote attacks of the county infrastructure. Performs other duties as assigned.
Essential Functions

1. Monitor online security-related resources for new and emerging cyber threats;
2. Ensure compliance with county, state, and federal cybersecurity laws and policies;
3. Proactively monitor the network environment to detect and implement steps to mitigate cyber-attacks before they occur;
4. Provides technical expertise regarding security-related concepts to operational teams within the Information Technology Department and the entire county government network;
5. Assesses new security technologies and threats to determine potential value to protect and defend the enterprise;
6. Prepare for, review, investigate, report, and respond to real-time alerts within the environment;
7. Review real-time and historical reports for security and/or compliance violations;
8. Reviews vulnerability assessments of the county's systems and networks and implements corrective actions and polices to improve cyber posture.
9. Supervises assigned staff;
10. Performs other duties as assigned.

Required Knowledge, Skills, and Abilities

1. Technical knowledge of enterprise-class technologies such as firewalls, routers, switches,
2. wireless access points, VPNs, and desktop and server operating systems;
3. Demonstrate experience implementing and/or enforcing security and compliance
4. Strong writing skills, as well as the ability to articulate security-related concepts to a broad
5. range of technical and non-technical staff;
6. Working experience with creating, implementing, and managing a threat hunting program within a corporate environment; Understanding of Microsoft's enterprise technology platform, including Azure, Active Directory, SQL, IIS, Office365, MFA / 2FA authentication, Entra ID, Intune, BitLocker, Windows Defender, and the Windows server and desktop operating systems; frameworks such as NIST, Cobit, and ISO;
7. Must be a proficient problem-solver that can work autonomously.

Education and Experience

1. Four-year college degree or equivalent industry training and certifications;
2. Three to five years of experience in a security analyst or related position;
3. One or more of the following certifications: CEH, CISM, CompTIA Security+, CISSP, GSEC
4. Experience with managing and securing both on-premise and hosted systems and applications;
5. Experience with application, website, and database security.

Physical and Environmental Conditions:

Work demands occasional strenuous effort. For example, handling of moderately heavy boxes, moderately heavy tools, equipment, or materials of up to 30 to 60 pounds.

Work environment involves everyday risks or discomforts which require normal safety precautions typical of such places as offices, meeting or training rooms, residences, or commercial vehicles, e.g., use of safe workplace practices with office equipment, avoidance of trips and falls, observance of fire regulations and traffic signals, and/or working in moderate outdoor weather conditions.
We offer a complete benefits package to full-time employees including health care, dental, vision, retirement, deferred compensation plan, flexible spending accounts, life insurance, long-term disability, identity theft protection, sick-leave transfer, holidays, vacation, and sick leave.

Regular Part-time employees who work an average of 20 or more hours per week over the course of a year, receive benefits on a pro-rated basis.

To learn more details, visit our benefits page at the following link:
01

Do you have a four-year college degree or equivalent training and certifications? Please explain.
02

Do you have three (3) to five (5) years of experience in a security analyst or related position? Please explain.
03

Do you have one or more of the following certifications: CEH, CISM, CompTIA Security +, CISSP, GSEC? Please explain.
04

Are you able to lift up to sixty (60) pounds?

• Yes
• No

Required Question